X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:date:message-id:content-type :content-transfer-encoding:mime-version; q=dns; s=default; b=TBh QTXVYXtI5rqEcJJswFAW1QiS2IOhAy3h4gvAJIK1VQWn54M1CTlsTAp0VH5GmmHF rG5H33VXivq6cDdfmUzeMYUXgYbfbENGB0jTCMo53rVS4OeQKE83G5FdDjmwM7Qu 96fJHTbIkiNUnINW0V/MoX3Q4jxBCFbW3vYnGOK0= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:subject:date:message-id:content-type :content-transfer-encoding:mime-version; s=default; bh=QkxMG5hRK hWt5rPPyl7repe5eFQ=; b=yLMelGFfBwGWgX3kKiNINxpNMxfKlPr3yjru4fIqu 1K2x3nfRkfI8Clbzf7xaaNNK18eHdj7cOYqeIMS5Go2jQYdl+MhKCRicCcpGf9xW s7PHqvLUbN4ci+Dsoazwel0IGTZtE9Wefy+7d+Evfzca0wGpNFzY1iE4Xab8nwqG FY= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-0.9 required=5.0 tests=AWL,BAYES_20,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.2 X-HELO: nihxway5out.hub.nih.gov X-IronPortListener: Outbound_SMTP X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AgwFAGexA1OcKEeu/2dsb2JhbABZgwY4V79lT4EcFnSCJwEEEihRARUVCwMGLxMXAQ4BBBsah2MNmy2EdqttF44zQg6DDIEUBI5kin6FPYs1gy2CKg From: "Lavrentiev, Anton (NIH/NLM/NCBI) [C]" To: "cygwin AT cygwin DOT com" Subject: Testers needed: New passwd/group handling in Cygwin Date: Tue, 18 Feb 2014 19:18:28 +0000 Message-ID: <5F8AAC04F9616747BC4CC0E803D5907D0C48E864@MLBXv04.nih.gov> Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 X-IsSubscribed: yes Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id s1IJIi02008012 This will not work (verified!) for code run from under an unmanaged Windows service account (NT_Service\...), once the machine changes its password per security policy (the access then becomes anonymous and will result in only first 100 entries returned): winsup\cygwin\passwd.cc: else if (group) ret = NetGroupEnum (NULL, 2, (PBYTE *) &buf, MAX_PREFERRED_LENGTH, &max, &total, &resume); else ret = NetUserEnum (NULL, 20, FILTER_NORMAL_ACCOUNT, (PBYTE *) &buf, MAX_PREFERRED_LENGTH, &max, &total, (PDWORD) &resume); This is what I was trying to point out, in my earlier message... Anton Lavrentiev Contractor NIH/NLM/NCBI P.S. This behavior is obscurely documented in here: http://msdn.microsoft.com/en-us/library/windows/desktop/aa370610(v=vs.85).aspx (by the virtue of that page is pointed to from NetUserEnum and NetGroupEnum: http://msdn.microsoft.com/en-us/library/windows/desktop/aa370652(v=vs.85).aspx http://msdn.microsoft.com/en-us/library/windows/desktop/aa370428(v=vs.85).aspx) The number of entries returned by this function depends on the security descriptor located on the root domain object. The API will return either the first 100 entries or the entire set of entries in the domain, depending on the access privileges of the user. The ACE used to control this behavior is "SAM-Enumerate-Entire-Domain", and is granted to Authenticated Users by default. Administrators can modify this setting to allow users to enumerate the entire domain. The bad thing is that there is error indication at reaching the 100, so it just looks like your environment has suddenly reduced to exactly 100 users... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple